On Mon, Jun 02, 2008 at 03:14:08PM +0300, Henrik K wrote:
> On Mon, Jun 02, 2008 at 01:28:21PM +0200, Matus UHLAR - fantomas wrote:
> > On 30.05.08 15:37, Larry Ludwig wrote:
> > > IMHO regex setups are even more reliable we do this with our postfix
> > > setup.
> > >
> > > For example:
> > > /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT
> > > dynamic ip address use isp for outgoing email - access.regex
> > >
> > > I think is more reliable than just by name or especially by IP since IP
> > > allocations do change.
> >
> > looking at 20_dynrdns.cf we see that there are MANY forms of marking
> > dynamically allocated space. The score of RDNS_DYNAMIC dropped in the past
> > (there were FP's reported iirc) and now it's mostly used in conjunction with
> > other rules.
> >
> > If your regexp's are THAT efficient, share them with us please.
>
> 20_dynrdns is lame and no one is really updating it. It doesn't even strip
> domains, resulting in hosts like smtp.dynamic1.com to match. It's pretty
> cumbersome to use the meta headers too. It needs some revamping to be more
> useful.
>
> That's why there are plugins like Botnet and my BadRelay[1] (which handles
> domains properly). My tool is pretty outdated too, I haven't updated it
> since I started blocking and greylisting suspicious hosts directly at MTA.
> Not much passes through.
>
> For a really big regexp list, have a look at [2].
>
> [1] http://sa.hege.li/
> [2] http://www.linuxmagic.com/opensource/anti_spam/dynamic_regex/

Just a few more hints. If you are scared to block anything directly,
greylist everything suspicious with a long delay. And using the same dynamic
regexp lists to match HELO is even more foolproof.

Also check some more generic regexps from my examples:

http://hege.li/howto/spam/etc/postfix/in/
(access_helo_dynamic, greylist_*, whitelist_client)

DNSBL operators will thank you for using such lists before any queries.
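
An added example, not part of the original message or of any tool named in the thread: it shows why keyword matching over a whole rDNS name flags smtp.dynamic1.com, how stripping the domain first avoids that, and the same check applied to the HELO name with a greylist outcome. The keyword pattern, the function names, the sample hostnames and the "last two labels are the domain" rule are assumptions made for illustration.

```python
import re

# Pattern quoted in the thread (Postfix access.regex entry, delimiters removed).
COMCAST = re.compile(r"^c-.+-.+-.+-.+\..+\..+\.comcast\.net$", re.I)

# Constructed keyword pattern, for illustration only: a "dynamic"-style token
# standing as its own dot- or dash-separated piece of the name.
KEYWORD = re.compile(
    r"(?:^|[.-])(?:dynamic|dyn|dhcp|pool|dsl|ppp)\d*(?:[.-]|$)", re.I)


def host_part(fqdn, domain_labels=2):
    """Return the labels left of the registered domain.

    Assumption: the registered domain is the last `domain_labels` labels.
    A production filter would consult the Public Suffix List instead.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[:-domain_labels])


def naive_match(name):
    """Keyword match over the whole name, domain included."""
    return bool(KEYWORD.search(name))


def looks_dynamic(name):
    """ISP-specific pattern on the full name, keywords on the host part only."""
    return bool(COMCAST.match(name)) or bool(KEYWORD.search(host_part(name)))


def decide(client_rdns, helo):
    """Apply the same check to the client rDNS and to the HELO name."""
    hit = looks_dynamic(client_rdns) or looks_dynamic(helo)
    return "greylist" if hit else "pass"


# Constructed sample names (documentation address ranges, not real traffic).
SAMPLES = [
    ("smtp.dynamic1.com", "smtp.dynamic1.com"),
    ("c-192-0-2-10.hsd1.ca.comcast.net", "localhost"),
    ("mail.example.org", "dsl-198-51-100-7.example.net"),
]

if __name__ == "__main__":
    for rdns, helo in SAMPLES:
        print(rdns, helo, "naive:", naive_match(rdns), "->", decide(rdns, helo))
```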